Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes....
9.4AI Score
0.004EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5484 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
9.8CVSS
8.2AI Score
0.004EPSS
Hitachi Energy's RTU500 Series Product Out-of-Bounds Read (CVE-2022-23937)
A vulnerability exists in the Wind River VxWorks version 6.9 that affects the RTU500 series product versions listed below. RTU500 series CMU Firmware versions: 12.0.1 – 12.0.14, 12.2.1 – 12.2.11, 12.4.1 – 12.4.11, 12.6.1 – 12.6.8, 12.7.1 – 12.7.5, 13.2.1 – 13.2.5, 13.3.1 – 13.3.3, 13.4.1. In Wind River...
7.5CVSS
7.6AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
6.5AI Score
0.001EPSS
The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned--human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move...
6.8AI Score
pg-leonardo.cz Cross Site Scripting vulnerability OBB-3667121
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
pg-rain.de Cross Site Scripting vulnerability OBB-3651298
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
ruby:2.7 security, bug fix, and enhancement update
An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, module.rubygem-bson, ruby, rubygem-bson, rubygem-pg, rubygem-mongo, module.rubygem-mysql2, rubygem-abrt, module.ruby, module.rubygem-mongo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System...
8.8CVSS
6.8AI Score
0.004EPSS
Rocky Linux 8 : ruby:2.7 (RLSA-2023:3821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3821 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...
8.8CVSS
6.4AI Score
0.004EPSS
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2023-280)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-280 advisory. Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509...
5.3CVSS
6.9AI Score
0.001EPSS
AlmaLinux 8 : ruby:2.7 (ALSA-2021:2584)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2584 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not...
7.5CVSS
7AI Score
0.003EPSS
AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2588 advisory. Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845) ...
8.1CVSS
8AI Score
0.019EPSS
Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were.....
7.6AI Score
Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework
Documentation What is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash...
7.1AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle (SUSE-SU-2023:2843-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2843-1 advisory. Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability...
5.3CVSS
6.9AI Score
0.001EPSS
Oracle Linux 8 : ruby:2.7 (ELSA-2023-3821)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3821 advisory. A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...
8.8CVSS
7.2AI Score
0.004EPSS
ruby:2.7 security, bug fix, and enhancement update
ruby [2.7.8-139] - Upgrade to Ruby 2.7.8. Resolves: rhbz#2149262 - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in Time. Resolves: CVE-2023-28756 rubygem-abrt [0.4.0-1] - Update to abrt...
8.8CVSS
7AI Score
0.004EPSS
AlmaLinux 8 : ruby:2.7 (ALSA-2023:3821)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3821 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...
8.8CVSS
7.8AI Score
0.004EPSS
(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7). (BZ#2189465) Security Fix(es): ruby/cgi-gem: HTTP response...
6.9AI Score
0.004EPSS
RHEL 8 : ruby:2.7 (RHSA-2023:3821)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3821 advisory. ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...
8.8CVSS
7.7AI Score
0.004EPSS
CentOS 8 : ruby:2.7 (CESA-2023:3821)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:3821 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...
8.8CVSS
6.6AI Score
0.004EPSS
Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7). (BZ#2189465) Security Fix(es): ruby/cgi-gem: HTTP response...
8.8CVSS
6.9AI Score
0.004EPSS
pg-pak.com Cross Site Scripting vulnerability OBB-3433547
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
pg-a.co.jp Cross Site Scripting vulnerability OBB-3380712
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Oracle Linux 8 : kernel (ELSA-2023-2951)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2951 advisory. cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read)...
8.7AI Score
0.002EPSS
AlmaLinux 8 : kernel-rt (ALSA-2023:2736)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2736 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...
8.7AI Score
EPSS
AlmaLinux 8 : kernel (ALSA-2023:2951)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2951 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...
8.7AI Score
EPSS
Introducing: ‘Saved Filters’ in InsightCloudSec
Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....
6.7AI Score
RHEL 8 : kernel (RHSA-2023:2951)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2951 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....
8.7AI Score
EPSS
RHEL 8 : kernel-rt (RHSA-2023:2736)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2736 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....
8.7AI Score
EPSS
Oracle Linux 9 : kernel (ELSA-2023-2458)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2458 advisory. A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function...
8.4AI Score
EPSS
AlmaLinux 9 : kernel (ALSA-2023:2458)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2458 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...
8.2AI Score
EPSS
AlmaLinux 9 : kernel-rt (ALSA-2023:2148)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2148 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...
8.2AI Score
EPSS
RHEL 9 : kernel-rt (RHSA-2023:2148)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2148 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....
8.3AI Score
EPSS
RHEL 9 : kernel (RHSA-2023:2458)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2458 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....
8.4AI Score
EPSS
(RHSA-2023:2097) Important: Satellite 6.13 Release
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751...
8.2AI Score
0.972EPSS
Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-12357)
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.3AI Score
0.0004EPSS
Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-12360)
Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.8AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2)
The version of AOS installed on the remote host is prior to 6.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2 advisory. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain...
8.7AI Score
EPSS
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body...
5.4CVSS
5.9AI Score
0.001EPSS
ToolJet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP...
7.5CVSS
7AI Score
0.001EPSS
pg-rain.de Cross Site Scripting vulnerability OBB-3268145
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score